
Please help me remove ps guard [RESOLVED]

beatnu0

Posted 18 August 2005 - 12:12 AM


Hi, my name is Ryan and I'm new to all this. I've done, to the best of my ability, what it says to do before posting your HijackThis log etc. If I've done something wrong please tell me, as any advice would be most appreciated. Well, here is my HijackThis log:

don77

Posted 18 August 2005 - 08:48 PM

Hi Ryan and welcome. You have a couple of infections here that we need to get cleaned up. Let's get rid of the nasties first.

Please read through the instructions before you start (you may want to print this out).

Please download and install these programs - don't run them yet!!

Please download and unzip About:Buster to a folder. Inside the folder is a readme file that has instructions on the use of the program. AboutBuster MUST be updated before you use it. Start AboutBuster, click the update button, check for update, drag the box to the side and hit download updates, close the box. Don't run it yet.

Please download and install AD-Aware. Check Here on how to set up and use it - please make sure you update it first.

Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types". Now click "Apply to all folders". Click "Apply" then "OK".

For anyone using Windows XP, 'Search' will not automatically show hidden files even if your folder options settings are set to do that. Do this so you can see hidden files and folders - click here http://www.davehigha...ds/xphidden.zip to download xphidden.zip. Extract xphidden.reg from the zip file and save it to the desktop. When done, double-click the xphidden.reg and when asked to merge say yes.

+++++++++++++++++++++++++++++++++++++++++++++++++

Important Step

1. Go to Start->Run and type "Services.msc" (without quotes) then hit Ok. Scroll down and find the service called:

”Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I)“

When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows. If you don't find this service listed go ahead with the next steps.

6. Delete the following files if present:

If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again.

C:\PROGRA~1\COMMON~1\tsa\tsl2.exe
C:\WINDOWS\system32\sysqi.exe
C:\WINDOWS\javagg32.exe
C:\WINDOWS\netgc32.exe
C:\WINDOWS\system32\winvx.exe
C:\WINDOWS\sysar32.exe

(and any other files with the same name that end in .dll, .exe or .dat, you may find them right next to each other, example - appsw.exe, appsw.dll, appsw.dat)

7. Run AboutBuster. This will scan your computer for the bad files and delete them. Save the report (copy and paste into notepad or wordpad and save as a .txt file) and post a copy back here when you are done with all the steps.

8. Scan with AdAware and let it remove any bad files found.

9. Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove:

Temporary Files
Temporary Internet Files
Recycle Bin

10. Double click on the cwsserviceremove and when asked to merge say yes.

11. Run CW-Shredder - Hit the FIX button - let it run and fix what it finds.

12. Reboot into normal mode.

13. Download the Hoster from Here. Press "Restore Original Hosts" and press "OK". Exit Program.
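The sibling-file check from step 6 of the post above can be scripted for review before anything is deleted by hand. This is an added example, not part of the original post or of any tool it names; the function names and the constructed sample folder are assumptions, and the script only reports.

```python
import stat
import tempfile
from pathlib import Path

# File paths copied from step 6 of the post above.
LISTED = [
    r"C:\PROGRA~1\COMMON~1\tsa\tsl2.exe",
    r"C:\WINDOWS\system32\sysqi.exe",
    r"C:\WINDOWS\javagg32.exe",
    r"C:\WINDOWS\netgc32.exe",
    r"C:\WINDOWS\system32\winvx.exe",
    r"C:\WINDOWS\sysar32.exe",
]
SIBLING_EXTS = {".exe", ".dll", ".dat"}  # extensions named in the post


def find_siblings(listed):
    """Return (path, read_only) for every file that shares a listed file's
    folder and base name and ends in .exe/.dll/.dat. Report only, no deletion."""
    findings = []
    for target in map(Path, listed):
        if not target.parent.is_dir():
            continue  # folder absent on this machine
        stem = target.stem.lower()
        for entry in sorted(target.parent.iterdir()):
            if (entry.is_file() and entry.stem.lower() == stem
                    and entry.suffix.lower() in SIBLING_EXTS):
                # A cleared write bit is how Python reports the read-only attribute.
                read_only = not (entry.stat().st_mode & stat.S_IWRITE)
                findings.append((entry, read_only))
    return findings


def demo():
    """Constructed sample folder using the appsw.* names from the post's example."""
    with tempfile.TemporaryDirectory() as tmp:
        for name in ("appsw.exe", "appsw.dll", "appsw.dat", "notepad.exe"):
            (Path(tmp) / name).write_bytes(b"")
        (Path(tmp) / "appsw.dll").chmod(0o444)  # mark one file read-only
        found = find_siblings([Path(tmp) / "appsw.exe"])
        result = [(p.name, ro) for p, ro in found]
        (Path(tmp) / "appsw.dll").chmod(0o644)  # let the temp folder clean up
        return result


if __name__ == "__main__":
    for path, read_only in find_siblings(LISTED):  # meaningful on Windows only
        print(path, "(read-only)" if read_only else "")
```
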

beatnu0

Posted 19 August 2005 - 01:33 AM


Thank you for your help. I have a problem tho, when I download AboutBuster and try and open it, it says the database file is corrupt or missing, please download a new one. I have no idea where to get another 1 from and I'm not sure what to do. Thanks.

Posted 19 August 2005 - 12:41 PM

beatnu0

Posted 19 August 2005 - 03:42 PM


Yeah, I was able to download About Buster. I only ran ewido and I did remove messenger 3 from the add/remove programs. Have I done something wrong? I've done a system restore and it *seems* to have fixed it. Here's a more recent HFT log:

don77

Posted 19 August 2005 - 05:39 PM

No, not at all. I would rather not have had you do a system restore; we still have some issues to clean up.

I need to see a different log so we can be sure and get rid of the rest of the lop infection you still have.

Please click this link to download Silent Runners.

* Save it to the desktop.
* Run Silent Runners by double-clicking the "Silent Runners" icon on your desktop.
* You will see a text file appear on the desktop - it's not done yet, just let it run (it won't appear to be doing anything!)
* Once you receive the prompt "All Done!", double-click on the new text file on the desktop and copy that entire log and paste it here.

*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.

INFECTION WARNING!
The running services cannot be counted.
Presence of a spyware service is suspected.
The script has been forced to exit.

----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives took 30 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars took 8 seconds.
---------- (total run time: 61 seconds)

INFECTION WARNING!
The running services cannot be counted.
Presence of a spyware service is suspected.
The script has been forced to exit.

----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives took 28 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars took 8 seconds.
---------- (total run time: 59 seconds)

Be sure and give the Temp folders a cleaning out now and then as well. Make sure after you clean your Temp files to empty out your Recycle bin as well.

For ease use the following program:

Download and install Cleanup. Run "Cleanup" and when it has finished, reboot.